23.247.2.45 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Global Frag Networks

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	ET CINS Active Threat Intelligence Poor Reputation IP group 9 - port: 389 proto: TCP cat: Misc Attack	2019-12-01 19:10:23
attackbotsspam	Scanning random ports - tries to find possible vulnerable services	2019-08-10 16:11:10

Comments on same subnet:

IP	Type	Details	Datetime
23.247.27.29	spamattack	PHISHING AND SPAM ATTACK FROM "Wifi Booster - SignalTechWiFiBooster@prostatenatural.us -" : SUBJECT "Slow...WiFi?...Here's..how..to..fix..it-FAST..&..CHEAP! " : RECEIVED "from [23.247.27.29] (port=41922 helo=king.prostatenatural.us) " : DATE/TIMESENT "Sun, 14 Mar 2021 00:45:27 " IP ADDRESS "NetRange: 23.247.0.0 - 23.247.127.255 OrgName: LayerHost "	2021-03-14 05:22:03
23.247.27.21	spamattack	PHISHING AND SPAM ATTACK FROM "Professional Drone - ProfessionalDrone@newfund.buzz -" : SUBJECT "The perfect professional drone on a budget. " : RECEIVED "from [23.247.27.21] (port=37460 helo=data.newfund.buzz) " : DATE/TIMESENT "Sat, 06 Mar 2021 23:04:10 " IP ADDRESS "NetRange: 23.247.0.0 - 23.247.127.255 OrgName: LayerHost "	2021-03-07 08:14:27
23.247.27.20	spamattack	PHISHING AND SPAM ATTACK FROM "Damian Campbell - SurviveTHISCrisis@newfund.buzz -" : SUBJECT "Does This Prove We're Witnessing the Beginning of the End? " : RECEIVED "from [23.247.27.20] (port=42573 helo=york.newfund.buzz) " : DATE/TIMESENT "Sat, 06 Mar 2021 22:02:28 " IP ADDRESS "NetRange: 23.247.0.0 - 23.247.127.255 OrgName: LayerHost "	2021-03-07 08:06:39
23.247.27.26	spamattack	PHISHING AND SPAM ATTACK FROM "Better Vision Today - BetterVisionToday@nerveshield.buzz -" : SUBJECT "Brain Scan Uncovers Root Cause For Vision Loss " : RECEIVED "from [23.247.27.26] (port=52023 helo=carme.nerveshield.buzz) " : DATE/TIMESENT "Sun, 07 Mar 2021 05:16:38 " IP ADDRESS "NetRange: 23.247.0.0 - 23.247.127.255 OrgName: LayerHost "	2021-03-07 08:03:56
23.247.27.23	attack	PHISHING AND SPAM ATTACK FROM "African Tribesmen - PenisElongationRitual@savageprotocol.cyou -" : SUBJECT "African Tribesmen Teach White Chick Member Elongation Secret " : RECEIVED "from [23.247.27.23] (port=44798 helo=denver.savageprotocol.cyou) " : DATE/TIMESENT "Sun, 07 Mar 2021 01:16:49 " IP ADDRESS "NetRange: 23.247.0.0 - 23.247.127.255 OrgName: LayerHost "	2021-03-07 08:00:42
23.247.27.25	spamattack	PHISHING AND SPAM ATTACK FROM "African Tribesmen - AfricanTribesmen@heardial.buzz -" : SUBJECT "Husband Offers His Wife To African Tribesmen To Find Elongation Secret " : RECEIVED "from [23.247.27.25] (port=41385 helo=miami.heardial.buzz) " : DATE/TIMESENT "Sat, 06 Mar 2021 06:51:29 " IP ADDRESS "NetRange: 23.247.0.0 - 23.247.127.255 OrgName: LayerHost "	2021-03-06 07:57:53
23.247.22.115	attackbotsspam	TCP src-port=59858 dst-port=25 Listed on dnsbl-sorbs barracuda spamcop (3)	2020-02-25 14:49:13
23.247.22.104	attackbotsspam	Dec 18 16:33:22 grey postfix/smtpd\[12395\]: NOQUEUE: reject: RCPT from unknown\[23.247.22.104\]: 554 5.7.1 Service unavailable\; Client host \[23.247.22.104\] blocked using bl.spamcop.net\; Blocked - see https://www.spamcop.net/bl.shtml\?23.247.22.104\; from=\<3037-1134-56717-947-principal=learning-steps.com@mail.burgines.info\> to=\ proto=ESMTP helo=\ ...	2019-12-19 05:27:53
23.247.22.37	attackbotsspam	Autoban 23.247.22.37 AUTH/CONNECT	2019-10-17 01:02:30
23.247.2.43	attackbots	Port scan: Attack repeated for 24 hours	2019-07-08 05:58:42
23.247.2.43	attackbotsspam	Attempted to connect 2 times to port 389 UDP	2019-07-07 14:23:34

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 23.247.2.45
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16453
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;23.247.2.45.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019081000 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 10 16:10:55 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 45.2.247.23.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 45.2.247.23.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
49.184.209.147	attackbotsspam	php WP PHPmyadamin ABUSE blocked for 12h	2020-08-18 18:56:46
74.82.47.2	attackspam	srvr1: (mod_security) mod_security (id:920350) triggered by 74.82.47.2 (US/-/scan-09.shadowserver.org): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/18 05:11:18 [error] 267988#0: 417409 [client 74.82.47.2] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159772747860.669048"] [ref "o0,13v21,13"], client: 74.82.47.2, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-08-18 18:20:33
211.35.67.133	attack	Dovecot Invalid User Login Attempt.	2020-08-18 18:32:19
106.13.41.87	attack	Aug 18 12:26:33 fhem-rasp sshd[4460]: Invalid user erik from 106.13.41.87 port 36794 ...	2020-08-18 18:27:41
153.101.167.242	attackspambots	Aug 18 12:46:40 nextcloud sshd\[20233\]: Invalid user ahsan from 153.101.167.242 Aug 18 12:46:40 nextcloud sshd\[20233\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.101.167.242 Aug 18 12:46:42 nextcloud sshd\[20233\]: Failed password for invalid user ahsan from 153.101.167.242 port 60446 ssh2	2020-08-18 18:46:46
111.229.168.229	attack	Aug 18 10:17:44 sshd\[6266\]: Invalid user testtest from 111.229.168.229Aug 18 10:17:46 sshd\[6266\]: Failed password for invalid user testtest from 111.229.168.229 port 57466 ssh2 ...	2020-08-18 18:53:29
155.94.146.82	attackbots	Invalid user edu from 155.94.146.82 port 37894	2020-08-18 18:30:04
111.231.192.209	attack	Aug 18 06:50:29 firewall sshd[5348]: Invalid user felipe from 111.231.192.209 Aug 18 06:50:31 firewall sshd[5348]: Failed password for invalid user felipe from 111.231.192.209 port 59888 ssh2 Aug 18 06:56:14 firewall sshd[5540]: Invalid user test123 from 111.231.192.209 ...	2020-08-18 18:29:12
146.88.240.4	attackspambots	UDP 146.88.240.4:41697 -> port 389, len 81	2020-08-18 18:45:23
8.30.197.230	attack	$f2bV_matches	2020-08-18 18:22:07
61.5.55.165	attackbotsspam	Attempt to log in with non-existing username: admin	2020-08-18 18:37:05
49.88.112.60	attack	Aug 18 09:23:14 game-panel sshd[19736]: Failed password for root from 49.88.112.60 port 18249 ssh2 Aug 18 09:23:16 game-panel sshd[19736]: Failed password for root from 49.88.112.60 port 18249 ssh2 Aug 18 09:23:18 game-panel sshd[19736]: Failed password for root from 49.88.112.60 port 18249 ssh2	2020-08-18 18:20:16
106.12.110.157	attackbotsspam	Aug 18 03:49:28 localhost sshd\[4641\]: Invalid user lorence from 106.12.110.157 port 19206 Aug 18 03:49:28 localhost sshd\[4641\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.110.157 Aug 18 03:49:30 localhost sshd\[4641\]: Failed password for invalid user lorence from 106.12.110.157 port 19206 ssh2 ...	2020-08-18 18:36:35
115.84.76.81	attackspam	20/8/17@23:49:21: FAIL: Alarm-Network address from=115.84.76.81 20/8/17@23:49:21: FAIL: Alarm-Network address from=115.84.76.81 ...	2020-08-18 18:41:36
115.75.120.42	attack	Unauthorised access (Aug 18) SRC=115.75.120.42 LEN=52 TTL=111 ID=17566 DF TCP DPT=445 WINDOW=8192 SYN	2020-08-18 18:56:29

Recently Reported IPs

180.127.94.81	107.175.101.134	125.161.202.10	210.211.122.14
218.238.150.144	54.219.168.168	85.105.37.49	136.243.145.68
34.94.83.172	185.164.72.98	77.199.95.6	180.159.4.164
115.28.17.58	123.12.192.149	192.236.147.208	191.26.212.6
71.88.252.84	59.52.186.101	218.152.181.196	80.172.241.36